Cybersecurity for small and medium enterprises: the next frontier?


By Shibu Paul

The growing number of reports of cybercrimes involving small businesses shows that criminals are changing direction. Now, banks, financial institutions and large corporations are no longer their only target, but also easy prey, like small and medium-sized enterprises (SMEs) and the common man.

SMEs are important for all countries since they represent more than 90% of business enterprises. Post-pandemic, SMBs are facing increasing cyber threats as they are more connected today, not only with their customers and large enterprises, but also with government organizations. The easy availability of low-cost cyber weapons has led to an increase in phishing attempts, malware, ransomware, attacks on poorly secured Wi-Fi, and payment fraud.


According to one study, more than 50% of SMEs surveyed (companies with 100 to 1,000 employees)

reported a data breach or cyberattack in the past year.

Although SMBs are now more aware of cyber threats, a recent survey shows that around 60% of SMBs do not consider cyberattacks to be a huge risk to them and around 40% do not believe that stronger security is a priority. Last year, the average cost of a cyberattack for an SMB was over $8,000, a significant amount for any small business.

Previously, employees could simply speak to the IT staff in the office if they suspected abnormal activity on their devices. But, with remote work, employees can’t get expert help right away.

Many remote employees aren’t even aware of the security protocols on their devices. Most of the time, employees are the first line of defense against phishing or malware attacks. Thus, ongoing training and awareness are of the utmost importance.


The cybersecurity industry has yet to break into the SMB market. It successfully sells to large government and private organizations, but the SMB market has remained untouched.

The main reason for this is poor awareness and misguided beliefs, such as “cybersecurity is necessary for banks and large corporations, not for me” and the slow adoption of cyber solutions by the industry. Most SMBs also find it difficult to pay huge sums to purchase the best cybersecurity solutions.

Added to this are the technical difficulties of setting up and maintaining these solutions. Most SMBs have virtually no technical knowledge to operate the solutions. Custom solutions for small businesses are rare. Very few cybersecurity companies have developed solutions exclusively for SMBs and even those that have have not achieved commercial success. Even today, most SMBs only use antivirus software.

A list of the most essential cybersecurity technologies:

▪ Password protection / management

▪ VPN and other secure web gateways

▪ Antimalware

▪ Client firewalls

▪ Intrusion detection and prevention

▪ Automated patch management systems

▪ Anti-denial of service

▪ Encryption technologies

▪ Web Application Firewalls (WAF)



Due to the size of this market, this lucrative space is sure to attract the attention of security vendors. But security solution providers need to understand the differences between small and large businesses and come up with new technology offerings specifically for SMBs. Certain precautions can help organizations avoid cyberattacks, such as multi-factor authentication and access throttling.

Multi-Factor Authentication: Adopting strong passwords is not enough, so enterprises should follow multi-factor authentication to verify users requiring codes or biometric scans for an additional layer of protection. A measure as simple as this can provide enormous results. Reports show that multi-factor authentication can block nearly 99% of account compromises.

Limiting Access: By limiting payment authorization, organizations can reduce opportunities for vulnerability. Double endorsements can also help thwart attacks.

Cloud solutions: SMBs have been quick to adopt cloud solutions and over 60% of SMBs in the US use some cloud solution. Greater cloud adoption will enable the implementation of cloud-based solutions, such as secure messaging services, secure storage, and Cloud Access Security Broker (CASB) solutions.

Managed Solutions: Additionally, trends show that SMBs want to outsource their cybersecurity operations to an external party. An MSSP may be too much for a local grocery store, but it can be a great solution for a small or medium-sized business.

Cyber ​​insurance: Cyber ​​insurance could be the driver of cybersecurity adoption by SMEs. Insurance policies are becoming more common for them, and insurance companies will soon be launching joint insurance and security offerings, with top security companies or MSSPs.

The importance of a robust cybersecurity plan isn’t just limited to large enterprises; small businesses are also on the radar of these cybercriminals. While it may seem that hackers have little to gain by infiltrating small business networks, the truth is quite the opposite. If sound cybersecurity measures are not adopted, it could cripple companies’ intellectual property and sensitive and confidential customer information.

So, regardless of business size, cybersecurity should be a non-negotiable priority to protect sensitive information and the trust of your business and your customers.

The author is Vice President, International Sales, Array


Comments are closed.